Italy's largest bank, UniCredit, says accounts of some 400,000 customers in Italy have been hacked.
The bank said in a statement Wednesday that the hackers accessed only data related to personal loans, and that it was breached through an unidentified external third-party commercial partner.
Initial breaches occurred September and October of 2016 and had not previously been disclosed. They were followed by a more recent one in June and July. The bank said no passwords appear to have been jeopardised, but that personal data, including names and birthdates, along with IBAN numbers "might have been accessed."
According to Bloomberg, the UniCredit hack is one of the biggest breaches in Europe to-date, however it spoke to Daniele Tonella, the CEO of UniCredit Business Integrated Solutions, which handles the IT department of the bank who said:
"There aren't material damages for the bank and its clients from these attacks. No data, such as passwords allowing access to customer accounts or allowing for unauthorised transactions, has been affected," Tonella said.
Tonella told Reuters: "We don't know why this data was acquired," adding that it also did not know who was behind the attacks.
The bank said it was filing a criminal complaint with prosecutors and is taking action to close the breach. At the same time UniCredit is reportedly investing €2.3 billion ($2.7 billion) in upgrading and bolstering its IT systems through technological advancements and digitalisation activities.
Banks have become prime targets for hackers as cyber criminals try to find new ways to exploit vulnerable systems to pull off cyber heists. In November 2016 Tesco Bank was subject to a hack that resulted in the loss of £2.5 million, while Bangladesh Bank was hit by cyber criminals stealing a staggering $81 million (£62 million).